Note: The FBI's NIPC (National Infrastructure Protection Center) has apparently reversed their original opinion. They no longer assert that Microsoft's Universal Plug & Play services should be disabled for extra protection. The most recent update to their previous two notices — which did advise users to disable the UPnP services — no longer includes this advice.

As you will see below, we believe that the FBI's original security advice was correct. Leaving unneeded and potentially vulnerable Internet services running makes no sense. Doing so is foolhardy, pointless, and insecure. Why would you?